The Security Compliance Manager will be a hands-on role that verifies compliance of the confidentiality, integrity, and availability of CSL systems and data, as defined by CSL's Information Security Framework (ISF).
This role has a focus on auditing the technical security compliance of internal and external technical products and information technology services and is also responsible for implementation and development of Security policies/standards, and security controls in alignment to Security Standards such as ISO 27001.
Main Responsibilities and Accountabilities
- Information Security Framework (ISF): Act as an Information Security and Risk subject matter expert for CSL's Information Security Framework (ISF), and where needed develop new procedures to meet identified deficiencies. Provide oversight to ensure all Information Security Framework policies, standards and procedures are written in a consistent manner and are complete.
- Information Security Framework (ISF): Improve and develop the customer and risk focused Information Security Framework within CSL by using Best Practices (ISO 27000, ISO 27001, ISO 31000, NIST and IEC62443) principles. Maintain central knowledge repository (ISF WIKI) for IT and Security Risk related materials and resources, including Information Security Framework procedures and policies (ISF).
- Information Security Framework (ISF): Responsible to develop, improve and conduct enterprise-wide information security awareness, education, and training campaigns on a frequent basis.
- Cyber Security Assessments: Responsible to design Information Security assessment processes such that they are conducted in a standardized, objective, comprehensive, measurable, and repeatable form.
- Cyber Security Assessments: Responsible to apply data analysis techniques to identify outliers and potential control compliance gaps. Responsible to maintain Information Security assessment corrective actions and preventive actions in CSL's Cyber Security Assessment Management tool.
- Cyber Security Assessments: In conjunction with Quality departments, conduct both internal and vendor Cyber Security Assessments, as required. Coordinate external Cyber Security Assessment Support to conduct on site Cyber Security Assessments. Liaise with regulators and external Information Security auditors to ensure regulations, laws and security compliance are met.
- Information Security Risk Management: Interfaces with CSL's user community and other CSL risk specialists to identify Information Security Risks. Continuous improvement of CSL's BT / Information Security Risk Management process to a comprehensive overall Risk Management process.
- Information Security Risk Management: Tracks, control issues, supports, and reviews Risk Treatment plans.
- Information Security Risk Management: Responsible to maintain the Information Security Risks and Treatment plans in CSL's Risk Management Tool.
- Information Security Metrics: Develop Information Security dashboard reports to communicate the relative effectiveness of implemented Security controls and identify potential trends and themes. Assist with creating consistent and consolidated reporting for all areas of Information Security and Risk that identify and control weaknesses and corresponding action plans.
Position Qualifications and Experience Requirements
- Undergraduate degree in computer science, computer engineering, information technology, mathematics, etc., Master’s degree desirable
- 5+ years of experience in IT working within an applicable function that directly aligns with the specific responsibilities for this position.
- Experience working within a global, matrix organization.
- Experience working in a controlled regulatory environment.
- Experience working in a pharmaceutical or biopharmaceutical environment.
- Information Security Audit experience.
- Risk Management experience.
- Project Management skills.
- Knowledge of information privacy and security laws (data breaches, GDPR, records management, and structured/unstructured data management).
- Understanding of risk-based frameworks and standards within information technology including but not limited to ISO27001; NIST; ISO31000; IEC62443; and ITIL.
- Experience in vendor security audits and security self-inspections.
- Process-oriented incident response and change management skills.
- Tactical enterprise-wide view of the business knowledge of strategy, processes, and capabilities, enabling technologies, and governance
- Exceptional communication skills and the ability to communicate appropriately at all levels of the organization; this includes written and verbal communications as well as visualizations, workshop facilitation and delivery, and other non-traditional forms of communication – capable of framing the problem in a meaningful and applicable manner
- Collaborative mindset able to work effectively at all levels of an organization with the ability to influence others to move toward consensus
- Situational analysis, decision making abilities and relationship management with key stakeholders across the organization
CSL Behring LLC will provide equal employment opportunity for all persons without discrimination based on membership in a legally protected class, including race, color, religion, national origin, gender, age, veteran status, or handicap/disability.
CSL Behring is committed to ensuring that diversity and inclusion are a part of our everyday business.
We encourage you to make your well-being a priority. It’s important and so are you.
About CSL Behring
CSL Behring is a global leader in developing and delivering high-quality medicines that treat people with rare and serious diseases. Our treatments offer promise for people in more than 100 countries living with conditions in the immunology, hematology, cardiovascular and metabolic, respiratory, and transplant therapeutic areas.
We want CSL to reflect the world around us
As a global organisation with employees in 35+ countries, CSL embraces diversity, equity and inclusion.
Do work that matters at CSL Behring!
- ISO/IEC 27001
- Incident Response
- Information Security
- Information Technology
- Cyber Security